Module ts

timestamp module provide basic Time Stamping Authority (TSA) client and server operations as specified in RFC 3161 (Time-Stamp Protocol, TSP).

A TSA can be part of a PKI deployment and its role is to provide long term proof of the existence of a certain datum before a particular time.

Usage:

    ts = require'openssl'.ts

Functions

ts_msg_imprint_new (data, alg) create a new ts_msg_imprint object.
ts_msg_imprint_read (data) read and parse ts_msg_imprint from DER encoded data
export () export a ts_msg_imprint object as DER encoded data
msg () get a ts_msg_imprint msg
algo () get a ts_msg_imprint algo
totable () get a ts_msg_imprint table contains msg and algo fields
dup () duplicate ts_msg_imprint object
ts_accuracy_new ([seconds[, millis[, micros]]]) create new timestamp accuracy object
seconds ([seconds]) get or set accuracy in seconds
millis ([millis]) get or set accuracy in milliseconds
micros ([micros]) get or set timestamp accuracy microseconds
dup () duplicate timestamp accuracy object
export () export timestamp accuracy to DER encoded string
ts_accuracy_read (data) read timestamp accuracy from DER data
totable () convert timestamp accuracy to table representation
version () get version of ts_tst_info object object
policy_id () get policy_id of ts_tst_info object object
msg_imprint () get msg_imprint of ts_tst_info object object
serial () get serialNumber of ts_tst_info object object
time () get time of ts_tst_info object object
accuracy () get accuracy of ts_tst_info object object
ording () get ordering of ts_tst_info object object
ordering () get ordering flag from timestamp info
nonce () get nonce of ts_tst_info object object
tsa () get tsa nonce of ts_tst_info object object
extensions () get extensions nonce of ts_tst_info object object
req_new ([version=1]) create a new ts_req object.
req_read (input) read ts_req object from string or bio data
resp_read (input) read ts_resp object from string or bio input
resp_ctx_new (signer, pkey, identity) create ts_resp_ctx object
verify_ctx_new ([reqdata=nil]) create ts_verify_ctx object

Class ts_req

ts_req:dup () make a clone of ts_req object
ts_req:cert_req () get cert_req
ts_req:cert_req (cert_req) set cert_req
ts_req:nonce () get nonce
ts_req:nonce (nonce) set nonce
ts_req:policy_id () get policy_id
ts_req:policy_id (id) set policy_id
ts_req:version () get version
ts_req:version (version) set version
ts_req:msg_imprint () get msg_imprint
ts_req:msg_imprint (data[, md_alg='sha']) set msg_imprint
ts_req:to_verify_ctx () create ts_verify_ctx from ts_req object
ts_req:export () export ts_req to string
ts_req:add_ext (extension[, location]) add X509 extension to timestamp request
ts_req:info () get info as table

Class ts_resp

ts_resp:dup () duplicate ts_resp object
ts_resp:export () export ts_resp to string
ts_resp:tst_info ([field]) get tst_info as table or tst_info filed value
ts_resp:status_info () get status_info as table
ts_resp:token () get pkcs7 token of ts_tst_info

Class ts_resp_ctx

ts_resp_ctx:create_response (data) create response for ts_req
ts_resp_ctx:sign (data) sign ts_req and get ts_resp, alias of create_response
ts_resp_ctx:signer () get signer cert and pkey
ts_resp_ctx:signer (cert, pkey) set signer cert and pkey
ts_resp_ctx:certs (certs) set additional certs
ts_resp_ctx:default_policy (policy) set default policy
ts_resp_ctx:policies (policies) set policies
ts_resp_ctx:accuracy () get accuracy
ts_resp_ctx:accuracy (seconds, millis, micros) set accuracy
ts_resp_ctx:clock_precision_digits () get clock_precision_digits
ts_resp_ctx:clock_precision_digits (clock_precision_digits) set clock_precision_digits
ts_resp_ctx:flags () get flags
ts_resp_ctx:md (mds) set support digest method
ts_resp_ctx:md (md_alg) add digest
ts_resp_ctx:tst_info ([field]) get tst_info as table
ts_resp_ctx:request () get ts_req object
ts_resp_ctx:set_serial_cb (serial_cb) set serial generate callback function
ts_resp_ctx:set_time_cb (time_cb) set time callback function

Class ts_verify_ctx

ts_verify_ctx:store () get x509_store cacerts
ts_verify_ctx:store (cacerts) set x509_store cacerts
ts_verify_ctx:flags (flags[, add=nil]) set or add flags
ts_verify_ctx:data (data) set data
ts_verify_ctx:imprint () get imprint
ts_verify_ctx:imprint (imprint) set imprint
ts_verify_ctx:verify (data) verify ts_resp object, pkcs7 token or ts_resp data


Functions

ts_msg_imprint_new (data, alg)
create a new ts_msg_imprint object.

Parameters:

  • data string
  • alg string, integer or asn1_object name, nid or object identity

Returns:

    ts_msg_imprint
ts_msg_imprint_read (data)
read and parse ts_msg_imprint from DER encoded data

Parameters:

  • data string DER encoded ts_msg_imprint data

Returns:

    ts_msg_imprint or nil parsed object or nil on error
export ()
export a ts_msg_imprint object as DER encoded data

Returns:

    string
msg ()
get a ts_msg_imprint msg

Returns:

    asn1_string
algo ()
get a ts_msg_imprint algo

Returns:

    openssl.x509_algor
totable ()
get a ts_msg_imprint table contains msg and algo fields

Returns:

    table
dup ()
duplicate ts_msg_imprint object

Returns:

    ts_msg_imprint
ts_accuracy_new ([seconds[, millis[, micros]]])
create new timestamp accuracy object

Parameters:

  • seconds number accuracy in seconds (optional)
  • millis number accuracy in milliseconds (optional)
  • micros number accuracy in microseconds (optional)

Returns:

    ts_accuracy new timestamp accuracy object or nil on failure
seconds ([seconds])
get or set accuracy in seconds

Parameters:

  • seconds number optional seconds value to set (optional)

Returns:

  1. number current seconds value when called without parameters
  2. boolean true when setting value successfully
millis ([millis])
get or set accuracy in milliseconds

Parameters:

  • millis number optional milliseconds value to set (optional)

Returns:

  1. number current milliseconds value when called without parameters
  2. boolean true when setting value successfully
micros ([micros])
get or set timestamp accuracy microseconds

Parameters:

  • micros number microseconds value to set (if provided) (optional)

Returns:

  1. number current microseconds value (if getting)
  2. boolean success status (if setting)
dup ()
duplicate timestamp accuracy object

Returns:

    ts_accuracy new duplicated ts_accuracy object
export ()
export timestamp accuracy to DER encoded string

Returns:

    string DER encoded representation of ts_accuracy object
ts_accuracy_read (data)
read timestamp accuracy from DER data

Parameters:

  • data string DER encoded timestamp accuracy data

Returns:

    ts_accuracy timestamp accuracy object or nil on failure
totable ()
convert timestamp accuracy to table representation

Returns:

    table accuracy information with micros, millis, and seconds fields
version ()
get version of ts_tst_info object object

Returns:

    integer
policy_id ()
get policy_id of ts_tst_info object object

Returns:

    asn1_object
msg_imprint ()
get msg_imprint of ts_tst_info object object

Returns:

    ts_msg_imprint
serial ()
get serialNumber of ts_tst_info object object

Returns:

    openssl.bn
time ()
get time of ts_tst_info object object

Returns:

    asn1_time
accuracy ()
get accuracy of ts_tst_info object object

Returns:

    table
ording ()
get ordering of ts_tst_info object object

Returns:

    table
ordering ()
get ordering flag from timestamp info

Returns:

    boolean true if ordering is required
nonce ()
get nonce of ts_tst_info object object

Returns:

    openssl.bn
tsa ()
get tsa nonce of ts_tst_info object object

Returns:

    x509.name
extensions ()
get extensions nonce of ts_tst_info object object

Returns:

    table
req_new ([version=1])
create a new ts_req object.

Parameters:

  • version integer (default 1)

Returns:

    ts_req timestamp sign request object

See also:

req_read (input)
read ts_req object from string or bio data

Parameters:

Returns:

    ts_req timestamp sign request object

See also:

resp_read (input)
read ts_resp object from string or bio input

Parameters:

Returns:

    ts_resp object
resp_ctx_new (signer, pkey, identity)
create ts_resp_ctx object

Parameters:

  • signer x509 timestamp certificate
  • pkey evp_pkey private key to sign ts_req
  • identity asn1_object, string or nid for default policy object

Returns:

    ts_resp_ctx object
verify_ctx_new ([reqdata=nil])
create ts_verify_ctx object

Parameters:

  • reqdata string or ts_req (default nil)

Returns:

    ts_verify_ctx object

Class ts_req

openssl.ts_req object
ts_req:dup ()
make a clone of ts_req object

Returns:

    ts_req
ts_req:cert_req ()
get cert_req

Returns:

    boolean true for set or not
ts_req:cert_req (cert_req)
set cert_req

Parameters:

  • cert_req boolean

Returns:

    boolean result
ts_req:nonce ()
get nonce

Returns:

    bn openssl.bn object
ts_req:nonce (nonce)
set nonce

Parameters:

Returns:

    boolean result
ts_req:policy_id ()
get policy_id

Returns:

    asn1_object
ts_req:policy_id (id)
set policy_id

Parameters:

  • id asn1_object or number identity for asn1_object

Returns:

    boolean result
ts_req:version ()
get version

Returns:

    integer
ts_req:version (version)
set version

Parameters:

  • version integer

Returns:

    boolean result
ts_req:msg_imprint ()
get msg_imprint

Returns:

  1. string octet octet string
  2. table with algorithm and paramater
ts_req:msg_imprint (data[, md_alg='sha'])
set msg_imprint

Parameters:

  • data string digest value of message
  • md_alg string or evp_md (default 'sha')

Returns:

    boolean result
ts_req:to_verify_ctx ()
create ts_verify_ctx from ts_req object

Returns:

    ts_verify_ctx object
ts_req:export ()
export ts_req to string

Returns:

    string
ts_req:add_ext (extension[, location])
add X509 extension to timestamp request

Parameters:

  • extension x509_extension X509 extension to add
  • location number position to insert extension (optional)

Returns:

    boolean true on success, false on failure
ts_req:info ()
get info as table

Returns:

    table

Class ts_resp

openssl.ts_resp object
ts_resp:dup ()
duplicate ts_resp object

Returns:

    ts_resp object
ts_resp:export ()
export ts_resp to string

Returns:

    string
ts_resp:tst_info ([field])
get tst_info as table or tst_info filed value

Parameters:

Returns:

    tst_info table or feild value
ts_resp:status_info ()
get status_info as table

Returns:

    table
ts_resp:token ()
get pkcs7 token of ts_tst_info

Returns:

    token

Class ts_resp_ctx

openssl.ts_resp_ctx object
ts_resp_ctx:create_response (data)
create response for ts_req

Parameters:

  • data string, bio or ts_req support string,bio ts_req content or ts_req object

Returns:

    ts_resp result
ts_resp_ctx:sign (data)
sign ts_req and get ts_resp, alias of create_response

Parameters:

  • data string, bio or ts_req support string,bio ts_req content or ts_req object

Returns:

    ts_resp result
ts_resp_ctx:signer ()
get signer cert and pkey

Returns:

  1. x509 cert object or nil
  2. evp_pkey pkey object or nil
ts_resp_ctx:signer (cert, pkey)
set signer cert and pkey

Parameters:

  • cert x509 signer cert
  • pkey evp_pkey signer pkey

Returns:

    boolean result
ts_resp_ctx:certs (certs)
set additional certs

Parameters:

  • certs table array of certificates

Returns:

    boolean success
ts_resp_ctx:default_policy (policy)
set default policy

Parameters:

  • policy asn1_object, integer or string

Returns:

    boolean success
ts_resp_ctx:policies (policies)
set policies

Parameters:

  • policies asn1_object, integer, string, stack_of_asn1_object or table

Returns:

    boolean success
ts_resp_ctx:accuracy ()
get accuracy

Returns:

  1. integer seconds
  2. integer millis
  3. integer micros
ts_resp_ctx:accuracy (seconds, millis, micros)
set accuracy

Parameters:

  • seconds integer
  • millis integer
  • micros integer

Returns:

    boolean result
ts_resp_ctx:clock_precision_digits ()
get clock_precision_digits

Returns:

    integer clock_precision_digits
ts_resp_ctx:clock_precision_digits (clock_precision_digits)
set clock_precision_digits

Parameters:

  • clock_precision_digits integer

Returns:

    boolean result
ts_resp_ctx:flags ()
get flags
ts_resp_ctx:md (mds)
set support digest method

Parameters:

  • mds table support digest method

Returns:

    boolean result
ts_resp_ctx:md (md_alg)
add digest

Parameters:

Returns:

    boolean result
ts_resp_ctx:tst_info ([field])
get tst_info as table

Parameters:

Returns:

    tst_info table or feild value
ts_resp_ctx:request ()
get ts_req object

Returns:

    rs_req
ts_resp_ctx:set_serial_cb (serial_cb)
set serial generate callback function

Parameters:

  • serial_cb function serial_cb with proto funciont(ts_resp_ctx, arg) return openssl.bn end

Usage:

    function serial_cb(tsa,arg)
  local bn = ...
  return bn
end
local arg = {}
ts_resp_ctx:set_serial_cb(serial_cb, arg)
ts_resp_ctx:set_time_cb (time_cb)
set time callback function

Parameters:

  • time_cb function serial_cb with proto funciont(ts_resp_ctx, arg) return sec, usec end

Usage:

    function time_cb(tsa,arg)
  local time = os.time()
  local utime = nil
  return time,utime
end
local arg = {}
ts_resp_ctx:set_time_cb(time_cb, arg)

Class ts_verify_ctx

openssl.ts_verify_ctx object
ts_verify_ctx:store ()
get x509_store cacerts

Returns:

    stack_of_x509
ts_verify_ctx:store (cacerts)
set x509_store cacerts

Parameters:

  • cacerts x509_store

Returns:

    boolean result
ts_verify_ctx:flags (flags[, add=nil])
set or add flags

Parameters:

  • flags integer
  • add boolean or set flags, default to do set (default nil)

Returns:

    integer return current value
ts_verify_ctx:data (data)
set data

Parameters:

  • data bio object

Returns:

    boolean result
ts_verify_ctx:imprint ()
get imprint

Returns:

    string imprint
ts_verify_ctx:imprint (imprint)
set imprint

Parameters:

Returns:

    boolean result
ts_verify_ctx:verify (data)
verify ts_resp object, pkcs7 token or ts_resp data

Parameters:

  • data ts_resp, pkcs7 or string

Returns:

    boolean result
generated by LDoc 1.5.0 Last updated 2025-11-02 11:59:05